A look back at cybersecurity in 2017

The fact is no enterprise or individual is immune to a breach. What really matters is, did they have an intrusion but then prevent a data loss? Any company can and will likely have an unauthorized intrusion, but did they have the right prevention, detection and response processes in place to stop a loss?

A few years back Gartner reported that prevention is Futile, that we must focus on detection and reaction. This is because there are simply too many ways in to prevent 100% of intrusions. According to the 2017 Ponemon Cost of Data Breach study, the global average cost of a data breach is $3.62 million. Despite all the new and innovative Tools and Technologies Data Breaches still happen.

As my ISSA colleague Ira Winkler and his coauthor Araceli Treu Gomes point out in their latest book Advanced Persistent Security, most so-called advanced attacks are not really so advanced: “when you look at most of the attacks that have been proclaimed sophisticated by the victims or the consultants who pay to speak for them you see insufficient protection combined with insufficient detection capabilities.”

The top three data breaches of 2017 were:

Equifax, September 7, 2017: Equifax, one of the three largest credit agencies in the U.S., suffered a breach that may affect 143 million consumers. Due to the sensitivity of data stolen, including Social Security numbers and driver’s license numbers, this is being called one of the worst breaches of all time. Hackers were able to gain access to the company’s system from mid-May to July by exploiting a weak point in website software. The breach was discovered by Equifax on July 29, 2017 and at that time, they sought assistance from an outside forensics firm. Other compromised data is said to include full names, addresses, dates of birth, credit card numbers, and other personal information.

Verizon, July 13, 2017: A reported 14 million Verizon subscribers may have been affected by a data breach; this may include anyone who contacted Verizon customer service in the past six months. These records were held on a server that was controlled by Israel based Nice Systems. The data breach was discovered by Chris Vickery, who is with the security firm, UpGuard. He informed Verizon of the data exposure in late-June, and it took more than a week to secure the breached data. The actual data that was obtained were log files that became generated when customers of Verizon contacted the company via phone.

Kmart, May 31, 2017: Sears Holdings, the parent company of Kmart, revealed that Kmart’s store payment systems were infected with malware, but Kmart.com and Sears shoppers were not impacted by this breach. The malicious code has been removed, but the company has not shared how long the payment system was under attack and how many stores were affected. No personal identifying information was compromised, but certain credit card numbers may have been.

And on Oct 3, 2017 we learned that Yahoo announced that the huge data breach in August 2013 affected every user on its service — that’s all three billion user accounts and up from the initial one billion figure Yahoo initially reported. These data breach lists always elicit a “gee whiz, that’s amazing,” response. But what really matters is: Why? Why was there a breach with 1 million or even 100 records?

What was the root cause?

I always like to cite the Verizon Data Breach Investigations report which states the following for 2017:

• 75% of breaches were perpetrated by outsiders

• 62% featured hacking • 81 % leveraged stolen or weak passwords

• 51% included malware • 24% of the victims were financial institutions

• 66% of malware was distributed via infected email attachments

• 61% of the data breach victims in this year’s report are businesses with under 1,000 employees

• 95% of phishing attacks that led to a breach were followed by some sort of software installation

So, computer security is very complex and always involves the human element. People are the users of all this technology and it’s often their daily decisions that can make a big difference.

Should I share this file via email without encryption? Should I encrypt this data on my local drive? Is it being backed up? What is the data classification of the data I work with daily? Is that email from a company employee? Why are th

ey asking for this information? Why did they send a Zip or Exe file? All red flags for scammers and cyber criminals. We know there is no such thing as 100% security but with protective, detective and reaction, you’re highly likely to stop the exfiltration of valuable company assets.

https://www.csoonline.com/article/3239405/data-breach/a-look-back-at-cybersecurity-in-2017.html